Urgent Security Alert: Malicious Mining Code in Vulnerable Vant Versions – Update to v4.9.15
A security advisory warns that malicious mining code was injected into certain Vant component versions, targeting users from specific regions, and urges developers to verify their Vant version and upgrade immediately to the safe release v4.9.15.
A team member's token may have been stolen, and attackers injected malicious mining code into the Vant component.
The injected code triggers browser mining when users from IPs in China, Hong Kong, Russia, Belarus, or Iran load the compromised Vant component.
Immediately check the Vant version you are using; the latest safe version is v4.9.15.
The following Vant versions are known to be compromised and must not be used:
4.9.14
4.9.13
4.9.12
4.9.11
3.6.15
3.6.14
3.6.13
2.13.5
2.13.4
2.13.3
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
JavaScript
Provides JavaScript enthusiasts with tutorials and experience sharing on web front‑end technologies, including JavaScript, Node.js, Deno, Vue.js, React, Angular, HTML5, CSS3, and more.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.